exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files

EMC Documentum Content Server CVE-2014-2513 Bad Fix
Posted Jul 9, 2015
Authored by Andrey B. Panfilov

The fix for the EMC Documentum Content Server vulnerability as highlighted in CVE-2014-2513 appears to be partial and still exploitable via slightly modified means.

tags | exploit
advisories | CVE-2014-2513
SHA-256 | e93c2829969b19c504cd3f1c57ed73580f7207de2859d1e952e49e3a60186fc8

Related Files

WebKit JSC Incorrect Optimization
Posted Oct 3, 2017
Authored by Google Security Research, lokihardt

A proof of concept has been released that bypasses the fix for the original finding regarding an incorrect optimization in BytecodeGenerator::emitGetByVal in WebKit JSC.

tags | exploit, proof of concept
advisories | CVE-2017-7117
SHA-256 | 424b380e7d3c1cbc0226f7a72afefbd2fcb4158f18e5251ba138a6ab2b914b5b
Ubuntu Security Notice USN-3199-2
Posted Feb 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-2 - USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.

tags | advisory, python
systems | linux, ubuntu
SHA-256 | ffdcb4098907eacbe478078964c23d7b8fe357a3fb8a5cf606b1d9935d33f913
EMC Documentum Content Server Code Execution
Posted Aug 18, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2015-4532
SHA-256 | c2bedfbc57a00c51150a01873bae989bcc87b6d4e0f981bb7614f0a531896758
EMC Documentum Content Server Privilege Escalation
Posted Aug 18, 2015
Authored by Andrey B. Panfilov

EMC Documentum Content Server suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2011-4144, CVE-2014-4622, CVE-2015-4531
SHA-256 | 80285eb669610b3c918abc9181df00a398f6734029af4b07e148e171da2b1654
EMC Documentum Content Server ESA-2014-105 Fail
Posted Jul 7, 2015
Authored by Andrey B. Panfilov

A vulnerability exists in the EMC Documentum Content Server which allows an authenticated user to elevate privileges, hijack Content Server filesystem, or execute arbitrary commands by creating malicious dm_job objects. Although ESA-2014-105 claimed to remediate this issue, it persists.

tags | exploit, arbitrary
systems | linux
advisories | CVE-2014-4626
SHA-256 | c2fab15b7849733e911e9d40873b3af36fa3fddd78061a30c82067805f9a0abd
Red Hat Security Advisory 2015-0776-01
Posted Apr 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0776-01 - Docker is a service providing container management on Linux. It was found that the fix for the CVE-2014-5277 issue was incomplete: the docker client could under certain circumstances erroneously fall back to HTTP when an HTTPS connection to a registry failed. This could allow a man-in-the-middle attacker to obtain authentication and image data from traffic sent from a client to the registry.

tags | advisory, web, registry
systems | linux, redhat
advisories | CVE-2015-1843
SHA-256 | b89975366ee6328c10cdb0972ba6d35579d720825039dd0de3a5990c71892d7a
Debian Security Advisory 2857-1
Posted Feb 10, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.

tags | advisory, xxe
systems | linux, debian
advisories | CVE-2013-6429, CVE-2013-6430
SHA-256 | 9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796
Spring XXE Injection Incomplete Fix
Posted Jan 15, 2014
Authored by Pivotal Security Team

The fix for the XXE injection vulnerability in Spring's framework was incomplete when addressing the issue outlined in CVE-2013-4152. Versions affected include Spring MVC 3.0.0 to 3.2.4 and Spring MVC 4.0.0.M1 to 4.0.0.RC1.

tags | advisory, xxe
advisories | CVE-2013-4152, CVE-2013-6429
SHA-256 | 173314b9e0698f8b4a1f988549c3ab83bb9af713cd2cc7374742743449dc9f25
Red Hat Security Advisory 2013-1076-01
Posted Jul 17, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1076-01 - The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.

tags | advisory, remote, kernel
systems | linux, redhat
advisories | CVE-2013-2116
SHA-256 | e514c34f443c7c63e0a1cb1c40019ce86c10b07bf91c91138fe0259c0e5141ac
Apache Santuario XML Security For C++ Denial Of Service / Bypass
Posted Jun 18, 2013
Authored by James Forshaw

A bug exists in the processing of the output length of an HMAC-based XML Signature that would cause a denial of service when processing specially chosen input. Exploitation of this issue does not require authenticated content. In very unusual cases, inputs could be chosen in such a way that the fix for the issue in CVE-2009-0217 could be bypassed, enabling improper verification of a signature. Versions prior to 1.7.1 are affected.

tags | advisory, denial of service
advisories | CVE-2013-2155
SHA-256 | 4ed699c9710bffc9e07a34e7f30bd97e55b2305af63662dc2f499d685d727662
Red Hat Security Advisory 2013-0883-01
Posted May 31, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0883-01 - The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0588 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS. Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.

tags | advisory, remote, protocol
systems | linux, redhat
advisories | CVE-2013-2116
SHA-256 | 985b08bb5e85e3bdab1ce08986444bf23688b3dd64bb4f77591741bf2232aaad
Red Hat Security Advisory 2013-0121-01
Posted Jan 8, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0121-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. It was found that the fix for the CVE-2009-4030 issue, a flaw in the way MySQL checked the paths used as arguments for the DATA DIRECTORY and INDEX DIRECTORY directives when the "datadir" option was configured with a relative path, was incorrectly removed when the mysql packages in Red Hat Enterprise Linux 5 were updated to version 5.0.95 via RHSA-2012:0127. An authenticated attacker could use this flaw to bypass the restriction preventing the use of subdirectories of the MySQL data directory being used as DATA DIRECTORY and INDEX DIRECTORY paths. This update re-applies the fix for CVE-2009-4030.

tags | advisory
systems | linux, redhat
advisories | CVE-2012-4452
SHA-256 | 17e3f371b831fa444dc7ad24136681e62ffa7eaa676fa8fdb0919f28a0afef0a
Mandriva Linux Security Advisory 2009-030
Posted Dec 9, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-030 - Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code. Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file. This update provide the fix for these security issues. Packages for 2008.0 are being provided due to extended support for Corporate products.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0135, CVE-2009-0136
SHA-256 | 9e38ac57b978f81b9a736dd76fb0aa10e2d398eee8cbab2106dee52124428a27
Mandriva Linux Security Advisory 2009-026
Posted Feb 26, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-026-1 - phpMyAdmin suffered from cross site scripting, cross site request forgery, and SQL injection vulnerabilities. This update provide the fix for these security issues. The previous update packages wasn't signed, this time they are.

tags | advisory, vulnerability, xss, sql injection, csrf
systems | linux, mandriva
advisories | CVE-2008-4775, CVE-2008-5621, CVE-2008-5622
SHA-256 | cb03b4a7f45f173639487a0d4ba5713cd6777f5c6fad1c3fcf62282aa78368ca
Mandriva Linux Security Advisory 2009-030
Posted Jan 27, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-030 - Data length values in metadata Audible Audio media file (.aa) can lead to an integer overflow enabling remote attackers use it to trigger an heap overflow and enabling the possibility to execute arbitrary code. Failure on checking heap allocation on Audible Audio media files (.aa) allows remote attackers either to cause denial of service or execute arbitrary code via a crafted media file. This update provide the fix for these security issues.

tags | advisory, remote, denial of service, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2009-0135, CVE-2009-0136
SHA-256 | 2448fae9480dabfbee30745fd109ad6366e611bdd9d4839b93e762b8fd443e63
Mandriva Linux Security Advisory 2009-006
Posted Jan 13, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-006 - Heap-based overflow on functions to manipulate WMF and EMF files in OpenOffice.org documents enables remote attackers to execute arbitrary code on documents holding certain crafted either WMF or EMF files. ). This update provide the fix for these security issues and further openoffice.org-voikko package has been updated as it depends on openoffice.org packages.

tags | advisory, remote, overflow, arbitrary
systems | linux, mandriva
advisories | CVE-2008-2237, CVE-2008-2238
SHA-256 | 764b243a216d03ac1b187c250cae6ce495eea4fbd2df074611469d3ca0e9551b
l0phtl0phe-kid.c
Posted May 19, 2000
Authored by teso, scut | Site team-teso.net

l0phtl0phe-kid.c - Easy antisniff v1.02 exploit. l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool of method bypassing the extra length + strncat checks. This version has been made easy enough for script kiddies to use - to avoid that "doesn't work" lamer claim.

tags | exploit
SHA-256 | bd31032131862d82287cf734e1ae6420cdb563449a5eb13f9c348e7266dd300d
l0phtl0phe.c
Posted May 18, 2000
Authored by teso, scut | Site team-teso.net

l0phtl0phe.c - antisniff exploit (1.02 included). l0pht messed up the fix for their problem in antisniff by not regarding the type signedness properties of the char and int values used, resulting in a cool of method bypassing the extra length + strncat checks.

tags | exploit
SHA-256 | 936d433c03025bd9a3d606c0f3d43a479b07e715b0201d0e5f316e3adcac8c05
Page 1 of 1
Back1Next

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close